Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13423 | 1 Omeka | 1 Omeka | 2018-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. | |||||
| CVE-2018-1000536 | 1 Getmedis | 1 Medis | 2018-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application. This attack appear to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value. | |||||
| CVE-2018-1000521 | 1 Bigtreecms | 1 Bigtree Cms | 2018-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279. | |||||
| CVE-2018-0605 | 1 Pixelpost | 1 Pixelpost | 2018-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1299 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2018-08-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161. | |||||
| CVE-2018-1000604 | 1 Jenkins | 1 Badge | 2018-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-13409 | 1 Jirafeau | 1 Jirafeau | 2018-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | |||||
| CVE-2018-13408 | 1 Jirafeau | 1 Jirafeau | 2018-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | |||||
| CVE-2018-0574 | 1 Basercms | 1 Basercms | 2018-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0570 | 1 Basercms | 1 Basercms | 2018-08-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-13003 | 1 Opentsdb | 1 Opentsdb | 2018-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. | |||||
| CVE-2018-12973 | 1 Opentsdb | 1 Opentsdb | 2018-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. | |||||
| CVE-2018-1000513 | 1 Limesurvey | 1 Limesurvey | 2018-08-21 | 3.5 LOW | 4.8 MEDIUM |
| LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x. | |||||
| CVE-2018-1000534 | 1 Joplin Project | 1 Joplin | 2018-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later. | |||||
| CVE-2018-1000508 | 1 Wpulike | 1 Ulike | 2018-08-20 | 3.5 LOW | 4.8 MEDIUM |
| WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2. | |||||
| CVE-2018-1000512 | 1 Tooltipy Project | 1 Tooltipy | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. | |||||
| CVE-2018-12902 | 1 Easymagazine Project | 1 Easymagazine | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. | |||||
| CVE-2018-12905 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. | |||||
| CVE-2018-12711 | 1 Joomla | 1 Joomla\! | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. | |||||
| CVE-2018-1000557 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be exploitable via Victim must open a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1. | |||||